UPDATE: LinkedIn, the popular business-oriented social network, has been compromised, with a reported 6.5 million passwords leaked onto a Russian hacker website, and hackers are working on cracking the encrypted passwords. LinkedIn has confirmed today that “some” accounts have been compromised, but refused to speculate how many.
“We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts,” Vicente Silveira said on the LinkedIn Blog. “We are continuing to investigate this situation.”
Silveira also said that members whose accounts were compromised will have their accounts invalidated and will receive an email to reset their password – there will be no reset link in that email, and you’ll have to reply to verify before you get the link.
Password expert and consultant Per Thorsheim, however, told Norway’s Dagensit that the passwords are “in a format that makes it relatively easy to break them” (of course, that comes from a Google translation of the page).
According to Dagensit:
What is posted on the Russian site is 6.5 million passwords, and should this prove to originate from LinkedIn, you could quickly draw the conclusion that the majority is still safe. For LinkedIn has, according to Wikipedia, 161 million users. It is not that simple, says Thorsheim. For among so many users, many have the same password, and 6.5 million different passwords may even include all the users.
What is published is actually called “hashes” of users’ passwords. This is a kind of encrypted version of the passwords, which have gone through a transformation process. This process cannot be directly reversed, but hackers can guess by checking if we can get the same “hash” by running different passwords through the same procedure. If this had been done by hand it would be impossible, but today’s computing power is cheap and effective.
Thorsheim also confirmed the story on his Twitter account, but refused to disclose sources, citing non-disclosure agreements.
We strongly urge you to change your passwords now. And if you’re using the same password for other social media accounts, or dare I say it, your bank account – it might be wise to change those as well. While these passwords are encrypted, that protection is not foolproof – a hacker can still recover them by a variety of methods. Many of those methods are simply brute force: trying dictionary words, or even going as far as guessing and checking.
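To make the Dagensit point about shared passwords and hash guessing concrete, here is an added example (not code from LinkedIn, Dagensit or Thorsheim). It assumes SHA-1 as a stand-in for a fast, unsalted hash, since the article does not name the format, uses constructed accounts, and contrasts that with salted PBKDF2 storage.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not taken from the leak); three share one password.
USERS = {"alice": "linkedin123", "bob": "linkedin123", "carol": "Summer2012",
         "dave": "linkedin123", "erin": "x9!Tq7#vLm2p"}

def fast_hash(password):
    # Assumption: SHA-1 stands in for a fast, unsalted hash format.
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def unsalted_table(users):
    """Map each distinct hash to the accounts that share it."""
    table = {}
    for user, password in users.items():
        table.setdefault(fast_hash(password), []).append(user)
    return table

def accounts_matched_by_guess(users, guess):
    """One hashed guess is checked against every account at once."""
    return sorted(unsalted_table(users).get(fast_hash(guess), []))

def salted_record(password, salt=None, iterations=200_000):
    """Defensive storage: per-user random salt plus a deliberately slow KDF."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest

def verify(password, salt, digest, iterations=200_000):
    """Recompute with the stored salt and compare in constant time."""
    candidate = salted_record(password, salt, iterations)[1]
    return hmac.compare_digest(candidate, digest)

def salted_table(users):
    return {user: salted_record(pw) for user, pw in users.items()}

if __name__ == "__main__":
    print(len(USERS), "accounts ->", len(unsalted_table(USERS)), "distinct unsalted hashes")
    print("one guess matches:", accounts_matched_by_guess(USERS, "linkedin123"))
    records = salted_table(USERS)
    print("distinct salted digests:", len({d for _, d in records.values()}))
    print("login check:", verify("Summer2012", *records["carol"]))
```

With unsalted hashes, five accounts collapse to three distinct values and a single guess covers every account sharing that password; with per-user salts each record is unique, so each guess has to be recomputed per account at the KDF's cost.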